MAC bridging and sniffing packets with specific Ethertype

• Previous message: Bruce Eitman \(eMVP\): "Re: ?Anybody get it?"
• Next in thread: Jeff Kelley [MS]: "Re: MAC bridging and sniffing packets with specific Ethertype"
• Reply: Jeff Kelley [MS]: "Re: MAC bridging and sniffing packets with specific Ethertype"
• Messages sorted by: [ date ] [ thread ]

Date: 13 Oct 2004 09:39:37 -0700

We are considering development of a simple bridge base on the Windows
CE 4.2 or 5.0.
We plan to use Mbridge.dll for this purpose. On one of the interfaces
(802.3) additionally to the IP traffic, which will be bridged, there
will traffic destined to the bridge interface card. The bridge will
use this traffic to exchange with the device, directly connected to
this interface, some configuration information. The proprietary
protocol will be used for this purpose. This protocol is defined
directly above Ethernet header (no IP header). We want to filter this
traffic based on the Ethertype or SNAP header.

It looks like that it is possible to write an application to receive
and send Ethernet packet using NDISUIO protocol driver (ReadFile,
WriteFile operations). There is an IOCTL_NDISUIO_SET_ETHER_TYPE
operation allowing to set type of Ethernet packet to be filtered (by
default it is 0x8001).
If we change it, does it mean that application will receive only this
type of Ethernet packets or the NDIS driver will filter these packets
and won't allow receiving any other packets on this interface?
Would it take any effect on the Mbridge? Will the Mbridge module
receive packets with other Ethertypes from this interface?
What about packets filtered by our application? Would they be sent to
the Mbridge module as well? I found info in the msdn that for the
simultaneous access for multiple application operations requiring
packets replication within NDIS are not supported. However in this
case the Mbridge is not typical application acting in the user mode,
it operates in the kernel mode. Does it matter in this case?

If you could provide me with some example code to filter Ethernet
packets with specific Ethertype field, it would be great!

Maybe I am wrong approaching the problem in this way. Any advises?

Thanks in advance for any help!

Kamila Piechota

• Previous message: Bruce Eitman \(eMVP\): "Re: ?Anybody get it?"
• Next in thread: Jeff Kelley [MS]: "Re: MAC bridging and sniffing packets with specific Ethertype"
• Reply: Jeff Kelley [MS]: "Re: MAC bridging and sniffing packets with specific Ethertype"
• Messages sorted by: [ date ] [ thread ]